About This Guide

This guide describes how to configure the Novell® Client™ for Linux software.

* Chapter 1, “Understanding the Novell Client for Linux”
* Chapter 2, “Configuring the Novell Client for Linux”
* Chapter 3, “Managing Login”
* Chapter 4, “Managing File Security”
* Chapter 5, “Security Considerations”
* Chapter 6, “Troubleshooting Tips”
* Appendix A, “The Novell Client for Linux Command Line Utilities”
* Appendix B, “Novell Client for Linux Man Pages”
* Appendix C, “Documentation Updates”


Audience 


This guide is intended for network administrators. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 


Documentation Updates 


For the latest version of this documentation, see the Novell Client online documentation
(http://www.novell.com/documentation/linux_client/index.html).


Additional Documentation 


For information on installing the Novell Client for Linux, see the Novell Client 2.0 SP3 for Linux
Installation Quick Start
(http://www.novell.com/documentation/linux_client/ncl20sp3_installqs/data/ncl20sp3_installqs.html).


For information on the Novell Client tray application, see the Novell Client 2.0 SP3 for Linux User 
Guide. 


For information on login scripts, see the Novell Login Scripts Guide. 


Documentation Conventions 


In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and 
items in a cross-reference path. 


A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.



When a single pathname can be written with a backslash for some platforms or a forward slash for 
other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as Linux or UNIX, should use forward slashes as required by your software. 
Understanding the Novell Client for Linux


The Novell® Client™ for Linux software allows users of Linux workstations or Linux servers to 
access and use all of the services available on servers running Novell eDirectory™. The Novell 
Client brings the full power, ease of use, manageability, and security of eDirectory to Linux 
workstations and Linux servers. The Novell Client for Linux fully supports NetWare®, OES, and 
eDirectory services and utilities on a Linux workstation or a Linux server, including security, file, 
and print services through Novell iPrint. 


This section contains the following information:

* Section 1.1, “Understanding How the Novell Client for Linux Differs from the Novell Client
  for Windows 2000/XP”
* Section 1.2, “Understanding the Novell Client for Linux Virtual File System”


1.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/XP


Using the Novell Client for Linux differs in a few ways from using the Novell Client for Windows. 
For users and network administrators who are familiar with the Novell Client for Windows, 
knowing these differences can help the transition to Linux run more smoothly. 

* Section 1.1.1, “Installation and Upgrades”
* Section 1.1.2, “Logging In”
* Section 1.1.3, “User Interface”
* Section 1.1.4, “Login Scripts”
* Section 1.1.5, “Mapping Volumes”


1.1.1 Installation and Upgrades 


* The Novell Client for Linux can be installed and upgraded by using either YaST or an
  installation script. For more information, see the Novell Client 2.0 SP3 for Linux Installation
  Quick Start
  (http://www.novell.com/documentation/linux_client/ncl20sp3_installqs/data/ncl20sp3_installqs.html).

* There is no Automatic Client Upgrade available on Linux.

* The Client Configuration Wizard lets you set up a configuration file that can be used to
  preconfigure workstations during installation. For more information, see Section 2.2,
  “Configuration Files for Preconfiguring the Novell Client,” on page 21.



1.1.2 Logging In 


* When a user logs in to a local workstation and then opens a remote SSH session and logs in as 
the same user, the network resources that user has rights to are available to the user. 


* The Novell Client for Linux can use the NMAS™ login method to authenticate. However, the
  NMAS login is not integrated into the Novell Client for Linux login screen, so the default
  login sequence cannot be set in the Novell Client Login screen.


* The Novell Client for Linux uses OpenSLP, whereas the Novell Client for Windows uses 
Novell's implementation of SLP. The network administrator must set up OpenSLP before users 
can look up trees, contexts, and servers using the Browse buttons in the Novell Client Login 
window. If OpenSLP is not set up, the user must enter a username, tree, and context to connect 
to the network. See Chapter 3, "Managing Login," on page 23 for more information. 


Because Linux uses OpenSLP, the implementation is different and the user's experience is 
different. For more information, see Section 3.4, "Using OpenSLP to Simplify Login," on 
page 27. 


* The Novell Client for Linux does not use the Dynamic Local User or Location Profiles that are 
available in Windows. 


1.1.3 User Interface 


Both a graphical user interface and command line utilities are available to complete client actions 
such as mapping drives, setting trustee rights, and copying files. 


For information on using the graphical user interface, see the Novell Client 2.0 SP3 for Linux User
Guide. For information on using the command line utilities, see Appendix A, “The Novell Client for
Linux Command Line Utilities,” on page 47 and Appendix B, “Novell Client for Linux Man Pages,”
on page 51.


1.1.4 Login Scripts 


Novell has ported the vast majority of login script functionality to the Linux platform. This means 
that the login scripts you create in your network can be used for both Windows users and Linux 
users with very little difference in functionality. 


Some differences do exist, however. For example, mapped drives are implemented by creating 
symbolic links and search drives are not available on Linux. Other small differences are created by 
the inherent difference between Windows and Linux. All the differences and issues are listed in the 
Novell Login Scripts Guide. 


1.1.5 Mapping Volumes 


On Windows, mapping volumes enables users to browse through the entire eDir tree. However, on 
Linux, only the servers in the eDir tree and their respective volumes are listed under them. 
1.2 Understanding the Novell Client for Linux Virtual File System


The Novell Client for Linux differs from previous Novell Clients to enable it to work on the Linux
platform. In Windows, the Novell Client loads a single binary that works on multiple operating
system platforms without modifications. The Novell Client on Linux uses a Virtual File System
provided by the base operating system itself, implemented as a kernel module (novfs.ko) that runs
as part of the Linux kernel and a daemon (novfsd) that runs in user space. Both components must be
running on the workstation for the client to connect to the network.


Configuring the Novell Client for Linux


This section explains two ways that you can configure the Novell® Client™ for Linux settings on a 
workstation. Both methods let you configure the file browser, protocol, login, tray application, and 
SLP configuration settings available to Novell Client users. 

* Section 2.1, “Using the Novell Client Configuration Wizard”
* Section 2.2, “Configuration Files for Preconfiguring the Novell Client”
* Section 2.3, “Server Side Configuration for Sending Messages from Client to Users and Groups”


2.1 Using the Novell Client Configuration Wizard 


The Novell Client for Linux includes a Novell Client Configuration Wizard to simplify the process 
of configuring your Novell Client. 


1 Launch the Novell Client Configuration Wizard by using either of the following methods:
   * Click [icon] > System Settings.
   * In YaST, click Network Services > Novell Client.

2 If you are not logged in as root, type the root password, then click OK. 


3 Select the Client Configuration Wizard pages that contain the settings you want to configure. 



You can configure the following settings: 


   * Login
   * Map
   * Protocol
   * Tray Application
   * File Browser
   * Service Location Protocol (OpenSLP)

4 Click Start Wizard. 
5 Follow the instructions in the left panel to configure Novell Client settings. 
6 Click Finish. 
7 Restart the workstation to ensure that the settings take effect. 

If you made changes to the Protocol Settings page or the Service Location Protocol (OpenSLP)
Settings page, you must reboot the machine for those changes to take effect.


Any changes you make to the Novell Client settings are written to a set of configuration (.conf)
files in the /etc/opt/novell/ncl directory.


IMPORTANT: When Novell Client software is uninstalled, these configuration files are also 
removed. 


2.1.1 Configuring Login Settings 


Use the Login Settings page in the Novell Client Configuration Wizard to configure the settings 
available to users in the Novell Login dialog box. 


Figure 2-1 Login Settings Page 


This page contains the following options:

* NMAS Authentication: Enables or disables Novell Modular Authentication Services
  (NMAS™) during login. NMAS authentication can add additional security to the network, but
  if the network does not use NMAS, login might take additional time, so you can disable NMAS
  authentication by disabling this setting. This option is selected by default.

* Clear Previous User Name: Clears the previous username from the User Name field on the
  Novell Login dialog box every time you open the dialog box.

* Advanced Button: Enables or disables the Advanced button in the Login dialog box. This
  option is selected by default.

* Integrated Login: Enables the integrated login feature for the entire system. This is set by the
  administrator and cannot be overridden by the user.

* Display Integrated Login Results: When this option is disabled, all login scripts are run
  silently and the script results window is not displayed, but login scripts are still processed.

* Delete Integrated Login Profiles: Removes the existing login profiles for all users on this
  workstation.

* Default Tree: Specify the default tree that Login attempts to log in to. This setting is
  overridden by the Login Dialog Tree history.

* Default Context: Specify the default context that Login attempts to log in to. This setting is
  overridden by the Login Dialog Context history.


For more information on using the Novell Login dialog box, see “Logging In to the Network" in the 
Novell Client 2.0 SP3 for Linux User Guide. 


2.1.2 Configuring Map Settings 


Use the Map Settings page in the Novell Client Configuration Wizard to specify the directory on the 
local workstation where symbolic links to network resources are created and to select the first letter 
to use when creating these links. 


Figure 2-2 Map Settings Page

This page contains the following options: 


* Map Link Default Location: Specify the path to the directory where Map creates symbolic 
links to network resources. A value of %HOME (the default) causes Map to create symbolic 
links in the user’s home directory. 


* First Network Drive: Select the first letter for Map to use when creating symbolic links to
  network resources. This setting is used in commands such as Map *1 or Map next.


2.1.3 Configuring Protocol Settings

Use the Protocol Settings page in the Novell Client Configuration Wizard to determine the level of
enhanced security support, select the providers to perform name resolution, and enable the Client to
obtain configuration information from your DHCP server.
Figure 2-3 Protocol Settings Page

This page contains the following options: 


* Name Resolution Providers: Select the providers to perform name resolution. Domain Name 
System also uses the /etc/hosts file. NetWare® Core Protocol™ uses information contained 
in the active NCP™ connections. Service Location Protocol queries SLP for eDirectory™ and 
Bindery names. 


* NCP Signature Level: Specify the level of enhanced security support. Enhanced security 
includes the use of a message digest algorithm and a per connection/per request session state. 
The values are as follows: 


0=Disabled 

1=Enabled but not preferred 

2=Preferred 

3=Required 

Changing the value of this setting to 2 or 3 increases security but decreases performance. 


* Dynamic Host Configuration Protocol (DHCP): If a DHCP server is set up on your network,
  the DHCP server can inform the Novell Client of network-specific configuration information.
  This information is made available when a user clicks the Tree, Context, or Server buttons on
  the eDirectory tab of the Novell Login dialog box.


If you make changes to the Protocol Settings page, you must reboot the workstation for those 
changes to take effect. 
2.1.4 Configuring Tray Application Settings


Use the Tray Application Settings page in the Novell Client Configuration Wizard to automatically 
launch the Novell Client Tray Application when the desktop starts and to determine which options 
are available to users on the Tray Application menu. 


Figure 2-4 Tray Application Settings Page 

This page contains the following options:

* Launch Tray Application: Select this option to automatically launch the Novell Client Tray
  Application.

* Tray Application Menu Options: Enables or disables the options available to users on the
  Tray Application menu.


For more information, see "Using the Novell Client Tray Application" in the Novell Client 2.0 SP3 
for Linux User Guide. 


2.1.5 Configuring File Browser Settings 


Use the File Browser Settings page in the Novell Client Configuration Wizard to specify which 
Novell Client options are available to users when they right-click Novell file system directories or 
files in a file manager, and which tabs are available on the Novell File, Folder, and Volume 
Properties pages. 
Figure 2-5 File Browser Settings Page



This page contains the following options: 


* Navigation Panel Icon (KDE only): Enables or disables the File Browser Navigation Panel
  icon. This icon is displayed only in KDE.

* Novell Properties: Enables or disables the Novell Properties menu option when users
  right-click a Novell file system directory or file in a file manager.

* Purge Novell Files: Enables or disables the Purge Novell Files menu option when users
  right-click a Novell file system directory or file in a file manager.

* Salvage Novell Files: Enables or disables the Salvage Novell Files menu option when users
  right-click a Novell file system directory or file in a file manager.

* File and Folder Information: Enables or disables the File Information and Folder
  Information tabs on the File and Folder Properties pages (available when users right-click a
  Novell file system directory or file in a file manager and then click Novell Properties).

* Novell Rights: Enables or disables the Novell Rights tab on the File and Folder Properties
  pages (available when users right-click a Novell file system directory or file in a file manager
  and then click Novell Properties).

* Volume Information: Enables or disables the Volume Information tab on the Volume
  Properties page (available when users right-click a Novell file system volume in a file manager
  and then click Novell Properties).

* Volume Statistics: Enables or disables the Volume Statistics tab on the Volume Properties page
  (available when users right-click a Novell file system volume in a file manager and then click
  Novell Properties).
2.1.6 Configuring OpenSLP Settings

Use the Service Location Protocol (OpenSLP) Settings page in the Novell Client Configuration
Wizard to specify where and how the Client requests network services.

In an IP-only network, the Novell Client needs a way to resolve the eDirectory tree, context and
server names to an actual IP address of an eDirectory server that can provide authentication. On a
simple LAN, the client can send an IP broadcast to discover this information, but on a multisite
WAN, the SLP scope and Directory Agents must be listed.


Figure 2-6 Service Location Protocol (OpenSLP) Settings Page 

This page contains the following options: 


* Scope List: Specify the scopes that a user agent (UA) or service agent (SA) is allowed when 
making requests or registering, or the scopes that a directory agent (DA) must support. 


* Directory Agent List: Specify the specific DAs that UA and SA agents must use. If this 
setting is not used, dynamic DA discovery is used to determine which DAs to use. 


* Broadcast Only: Select this option to use broadcasting instead of multicasting. This setting is
  not usually necessary because OpenSLP automatically uses broadcasting if multicasting is
  unavailable.

  SLP is designed to use IP multicasting; however, if any SLP Agent does not implement IP
  multicasting, then all Agents must use broadcasting to reach that Agent. If a DA does not
  support multicasting, we recommend using the Directory Agent List to configure that Directory
  Agent rather than using this option.

  If the network does not contain a DA, IP servers must use their own SAs to specify the services
  that are available. If the SA does not support multicasting and if there are any services
  advertised by that SA that are needed by the UA on this machine, then use the Broadcast Only
  option.

  Broadcasting has the disadvantage of being limited to the local LAN segment.


* Maximum Results: Specify a 32-bit integer giving the maximum number of results to 
accumulate and return for a synchronous request before the time-out, or the maximum number 
of results to return through a callback if the request results are reported asynchronously. 


If you make changes to the Service Location Protocol (OpenSLP) Settings page, you must reboot 
the workstation for those changes to take effect. 


For more information, see Section 3.4, “Using OpenSLP to Simplify Login,” on page 27, SLP 
Fundamentals (http://www.novell.com/documentation/edir873/qsedir873/data/aksciti.html), and the 
OpenSLP (http://www.openslp.org) Web site. 
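
One way to check these four settings on a workstation, as an added example that is not part of the Novell guide. It assumes the wizard fields correspond to OpenSLP's standard slp.conf keys (net.slp.useScopes, net.slp.DAAddresses, net.slp.isBroadcastOnly, net.slp.maxResults); the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not Novell's code): audit the OpenSLP settings discussed above.
# Assumption: the wizard fields map to the standard OpenSLP keys used below.

# slp_get FILE KEY: print the last uncommented value of KEY, or nothing if unset.
slp_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # slp.conf comments start with # or ;
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# slp_audit FILE: print one finding per line for the four wizard fields.
slp_audit() {
    a_scopes=$(slp_get "$1" net.slp.useScopes)
    a_das=$(slp_get "$1" net.slp.DAAddresses)
    a_bcast=$(slp_get "$1" net.slp.isBroadcastOnly | tr 'A-Z' 'a-z')
    a_max=$(slp_get "$1" net.slp.maxResults)

    if [ -z "$a_scopes" ]; then
        echo "INFO scope list not set"
    fi
    if [ -z "$a_das" ]; then
        echo "INFO no Directory Agent list; dynamic DA discovery is used"
    fi
    if [ "$a_bcast" = "true" ]; then
        if [ -z "$a_das" ]; then
            # Broadcasts do not leave the segment, so a multisite WAN needs DAs listed.
            echo "WARN broadcast only with no DA list; discovery is limited to the local LAN segment"
        else
            echo "NOTE broadcast only is set although a DA list is configured; check that it is still needed"
        fi
    fi
    case "$a_max" in
        ""|-1) ;;      # unset, or -1 (all results, per RFC 2614)
        *[!0-9]*|0) echo "ERROR net.slp.maxResults must be a positive integer, got: $a_max" ;;
    esac
}

# write_sample_conf FILE: constructed sample with the DA list commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample slp.conf
net.slp.useScopes = myScope1,myScope2
;net.slp.DAAddresses = myDa1,myDa2
net.slp.isBroadcastOnly = true
net.slp.maxResults = 256k
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
slp_audit "$sample"
rm -f "$sample"
```

On a real workstation, run `slp_audit /etc/slp.conf` after finishing the wizard and before the reboot that applies the changes.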


2.2 Configuration Files for Preconfiguring the Novell Client

You can make these configuration settings by using yast2. This is handled by the
yast2-novell-client RPM.

Conf File Path and Name                    Configuration Settings
/etc/opt/novell/ncl/file_browser.conf      File browser settings
/etc/opt/novell/ncl/login.conf             Login settings
/etc/novell/ncl/map.conf                   Map settings
/etc/opt/novell/ncl/protocol.conf          Protocol settings
/etc/opt/novell/ncl/tray_app.conf          Novell Client Tray Application settings
/etc/slp.conf                              SLP configuration settings


2.3 Server Side Configuration for Sending Messages from Client to Users and Groups


For server side configuration, you must ensure the following: 


* If user groups are created in a context other than the default context, then the context must be
  mentioned in the NDS configuration file /etc/opt/novell/eDirectory/conf/nds.conf.
  For instance, if a user group is created in the context xyz (organization for example) but the
  default context for the tree is abc, then to search for the groups from Novell client, the eDir
  administrator must add the following line in the nds.conf file:

  n4u.nds.bindery-context=o=xyz

  You must ensure that the nds daemon is restarted after the changes to the config file are
  completed. To do this, issue the following command:

  rcndsd restart

  NOTE: You can specify up to 16 different contexts with n4u.nds.bindery-context. Each
  context must be separated by ";". For example,
  n4u.nds.bindery-context=o=xyz;ou=eng,o=acme.


* When you send a message to a group using the nwsend command, you must specify only the 
groupname and not the FQDN of the groupname. For example, if a group named mygroup is 
created in context mycontext, then the mygroup groupname must be specified with the nwsend 
command instead of mygroup.mycontext. 
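
A check to run before restarting the nds daemon, as an added example that is not Novell's code. It assumes the nds.conf line uses key=value form (n4u.nds.bindery-context=o=xyz;...) and that a group name containing a dot carries a context; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example (not Novell's code): validate the bindery-context line and the
# group name passed to nwsend against the rules stated above.

MAX_CONTEXTS=16   # limit stated in the NOTE above

# bindery_context_value FILE: value of the last n4u.nds.bindery-context line, if any.
bindery_context_value() {
    sed -n 's/^[[:space:]]*n4u\.nds\.bindery-context[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# check_bindery_contexts FILE: print findings; return 0 only if the line is usable.
check_bindery_contexts() {
    c_value=$(bindery_context_value "$1")
    if [ -z "$c_value" ]; then
        echo "n4u.nds.bindery-context is not set"
        return 1
    fi
    c_count=0
    c_rc=0
    c_seen=";"
    c_ifs=$IFS
    IFS=';'          # contexts are separated by ";"
    set -f           # no filename expansion while splitting
    for c_ctx in $c_value; do
        c_count=$((c_count + 1))
        if [ -z "$c_ctx" ]; then
            echo "entry $c_count is empty (stray separator)"
            c_rc=1
            continue
        fi
        case "$c_seen" in
            *";$c_ctx;"*) echo "entry $c_count repeats: $c_ctx"; c_rc=1 ;;
        esac
        c_seen="$c_seen$c_ctx;"
    done
    set +f
    IFS=$c_ifs
    if [ "$c_count" -gt "$MAX_CONTEXTS" ]; then
        echo "$c_count contexts listed; at most $MAX_CONTEXTS are allowed"
        c_rc=1
    fi
    if [ "$c_rc" -eq 0 ]; then
        echo "ok: $c_count context(s)"
    fi
    return "$c_rc"
}

# nwsend_group_name NAME: accept a bare group name, reject one with a context appended.
nwsend_group_name() {
    case "$1" in
        ""|*.*) echo "use the group name only, not: $1" >&2; return 1 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Constructed sample: the two-context line from the NOTE above.
conf=$(mktemp)
printf '%s\n' '# constructed sample' 'n4u.nds.bindery-context=o=xyz;ou=eng,o=acme' > "$conf"
check_bindery_contexts "$conf" || true
nwsend_group_name mygroup.mycontext || true
rm -f "$conf"
```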
Managing Login


You can customize the client login environment with the following tasks to suit your network and 
have greater control over what users can access during login: 

* Section 3.1, “Setting Up Integrated Login”
* Section 3.2, “Setting Up Login Scripts”
* Section 3.3, “Setting Up Login Restrictions”
* Section 3.4, “Using OpenSLP to Simplify Login”


For more information, see “Logging In to the Network" and “Logging Out of a Network Location 
(Server or Tree)" in the Novell Client 2.0 SP3 for Linux User Guide. 


3.1 Setting Up Integrated Login 


The Novell® Client™ 2.0 for Linux provides a single, synchronized login to the SUSE® Linux
desktop or server and your Novell network. Users enter a name and password only once to access all
the resources they are authorized to use.


IMPORTANT: The integrated login feature is not available if you log in as the root user, and the 
integrated login feature does not work if a workstation is set up to not ask for a password in the 
display manager greeter. 


For integrated login to work, the Novell Common Authentication Services Adapter (CASA) must be 
installed and enabled. CASA is a common authentication and security package that provides a set of 
libraries for application and service developers to enable single sign-on to an enterprise network. 


Consider the following scenarios before setting up integrated login: 


* If Integrated Login is selected in Novell Client Configuration Wizard in YaST (System-Wide
  Integrated Login) but the login profile is not saved by a user locally, then integrated login fails
  as there is no profile to load at the time of login.

* If System-Wide Integrated Login is selected and login profile is saved locally by the user, then
  integrated login works.

* If System-Wide Integrated Login is not explicitly enabled in YaST but login profile is saved
  locally by the user, then integrated login works because the default behavior is to start
  integrated login.

* If System-Wide Integrated Login is disabled explicitly in YaST, then integrated login fails in all
  scenarios.


If Integrated Login is enabled as mentioned in the above scenarios, then it will work after a system 
reboot as well as after a logout and a login. 


* Section 3.1.1, “Installing and Enabling CASA”
* Section 3.1.2, “Configuring Integrated Login”
* Section 3.1.3, “Enabling and Disabling Integrated Login”
3.1.1 Installing and Enabling CASA


CASA is installed by default with SUSE Linux Enterprise Desktop 10 SP3, but it is not enabled. 


Installing CASA

1 Launch the YaST Control Center.
   GNOME: Click Computer > More Applications > System > YaST.
   KDE: Click the menu button > System > YaST.
2 If you are not logged in as root, type the root password, then click Continue.
3 Click Software in the left column, then click Software Management in the right column.
4 Click Search in the Filter drop-down list.
5 Type casa in the Search field, then click Search.
6 Select the casa packages for installation.
7 Click Accept to install all of the selected packages.
   YaST displays the progress of the package installation.
8 (Conditional) If a message informs you that other package selections have been made to
   resolve dependencies, click Continue.
9 (Conditional) If a message prompts you to insert a CD, put the CD in the CD drive, then click
   OK.
10 After all the packages have been installed, click Close to close the YaST Control Center.


Enabling CASA

1 Launch the YaST Control Center.
   GNOME: Click Computer > More Applications > System > YaST.
   KDE: Click the menu button > System > YaST.


2 Click Security and Users in the left column, then click CASA in the right column. 
3 Click Configure CASA, then click OK. 
4 Click Finish to close the CASA Configuration Wizard. 


3.1.2 Configuring Integrated Login 


1 Use one of the following methods to open the Novell Login dialog box:
   * Click [icon] > Novell Login.
   * GNOME: Click Computer > More Applications > Novell Login.
   * KDE: Click the menu button > Novell Login.
2 Enter your username and password, then click Advanced.
3 Specify the tree, context, and server information for the server you want to connect to.
4 Click the Startup tab, then make sure Run Novell Client Login at Session Startup is selected (it
   is selected by default).


24 Novell Client 2.0 SP3 for Linux Administration Guide 




5 Select Save profile after the successful login to save the Novell Login dialog settings to be used 
for all subsequent session logins. 


You must have the User Name and Password fields and the Tree and Context fields on the 
eDirectory tab filled out for this to be saved. 


IMPORTANT: An integrated login does not happen at the next session startup without a saved 
profile. 


6 (Optional) Click Load Profile to populate all fields in the dialog based on the saved settings. 
7 (Optional) Click Clear Profile to remove the profile settings. 


8 Click OK to log in to the server specified in Step 3.


The next time you log in to your SUSE Linux workstation, you also automatically log into the 
Novell server specified in Step 3. 


3.1.3 Enabling and Disabling Integrated Login 


1 Launch the Novell Client Configuration Wizard by using either of the following methods: 
* Click the Novell tray icon > System Settings.
* In YaST, click Network Services > Novell Client.

2 Select Login, then click Start Wizard. 

3 On the Login Settings page, select or deselect Integrated Login. 


This enables or disables the integrated login feature for the entire system. This is set by the 
administrator and cannot be overridden by the user. 


4 Select Display Integrated Login Results to display the Integrated Login Script Results window 
when the user desktop is launched. 


If this option is disabled, all login scripts are run silently and the Integrated Login Script
Results window is not displayed, but login scripts are still processed.

5 Select Delete Integrated Login Profiles if you want to remove the existing login profiles for all
users on this workstation.


6 Click Finish. 


3.2 Setting Up Login Scripts 


When a user successfully logs in to the network, one or more login scripts are executed that 
automatically set up the workstation environment. Login scripts are similar to batch files and are 
executed by Novell Login. You can use login scripts to map drives to Novell file system volumes 
and directories, display messages, set environment variables, and execute programs or menus. 


Login scripts were originally created for use with the Novell Client for Windows. However, the 
Novell Client for Linux can take advantage of the majority of the functionality available in 
Windows. This means that the login scripts you created for Windows workstations can also be used 
with Linux workstations without modification, so you need to administer only one set of login 
scripts. 


Because login scripts are very flexible and dynamic, offer a high degree of customization, and are 
cross-platform, you should customize the scripts to optimize workstation login to your network. For 
more information on setting up login scripts, see the Novell Login Scripts Guide. 


3.3 Setting Up Login Restrictions 


Login restrictions are limitations on user accounts that control access to the network. These 
restrictions can be set by an administrator in Novell iManager for each user’s eDirectory™ User 
object and include the following: 


* Requiring a password 
You can specify its minimum length, whether it must be changed and how often, whether it 
must be unique, and whether the user can change it. 


* Setting the number of logins with an expired password and the number of incorrect login 
attempts allowed 


When a user violates login restrictions by entering an incorrect password or exceeding the 
number of logins with an expired password, the account is disabled and no one can log in using 
that username. This prevents unauthorized users from logging in. 


* Setting account limits such as an account balance or expiration date 


* Limiting disk space for each user by specifying the maximum blocks available for each user on 
a volume 


* Specifying the number of simultaneous connections a user can have 
* Specifying (by node address) which workstations users can log in on 


* Restricting the times when users can log in (you can assign all users the same hours or you can 
restrict users individually) 


To manage user login restrictions: 
1 Launch iManager by entering the following in the Address field of a network browser:

http://server_IP_address/iManager.html

2 Log in using your username and password.

You have access only to those features you have rights to. To have full access to all Novell
iManager features, you must log in as Supervisor/Administrator of the tree.

3 Make sure you are in the Roles and Tasks view by clicking the Roles and Tasks icon on the top
button bar, then select Users > Modify User in the navigation panel on the left.

4 Type the name and context of the User object you want to modify, or use the search feature to
find it, then click OK.

5 Click the Restrictions tab (or drop-down list, depending on the browser you are using).




The following options appear. They open pages that display various properties:
* Password Restrictions
* Login Restrictions
* Time Restrictions
* Address Restrictions
* Account Balance
* Intruder Lockout

6 Make your changes, then click Apply to preview or OK to save.


3.4 Using OpenSLP to Simplify Login 


The service location protocol (SLP) was developed so that networking applications such as the 
Novell Client for Linux could discover the existence, location, and configuration of networked 
services in enterprise networks. Without SLP, users must supply the hostname or network address of 
the service that they want to access. 




Because SLP makes the existence, location, and configuration of certain services known to all 
clients in the local network, the Novell Client for Linux can use the information distributed to 
simplify login. For the Novell Client, having SLP set up allows users to see the trees, contexts, and 
servers available to them when they use the Novell Client for Linux Login screen. When they click 
the Browse button, a list of available trees, contexts, or servers appears and they can select the 
appropriate ones. For example, instead of remembering an IP address or DNS name for a server, 
users can select the server’s name from a list of available servers. 


SLP must be activated and set up on your Novell servers in order for the Novell Client to take 
advantage of it. For more information, see “SLP Services in the Network” in the SUSE LINUX 
Enterprise Server Installation and Administration Guide (http://www.novell.com/documentation/ 
sles10/sles admin/data/cha slp.html). 


SLP is not set up by default on Linux workstations. The Novell Client for Linux includes a Novell 
Client Configuration Wizard to simplify the process of configuring your SLP and other Novell 
Client configuration options. The Novell Client Configuration Wizard provides only basic SLP 
configuration because this is all that is required by the client. However, if other applications on your 
workstation require more advanced settings, you can modify the /etc/slp.conf file to set 
advanced settings. 


For more information on advanced SLP configuration, see the OpenSLP Web site
(http://www.openslp.org). In addition, the /usr/share/doc/packages/openslp directory contains
documentation on SLP, including a README.SuSE file containing the SUSE Linux details, several
RFCs, and two introductory HTML documents (An Introduction to SLP and OpenSLP User's
Guide). RFC 2609 details the syntax of the service URLs used and RFC 2610 details DHCP via SLP.


* Section 3.4.1, “Setting Up SLP,” on page 28 
* Section 3.4.2, "Troubleshooting SLP Configuration," on page 29 


* Section 3.4.3, "Configuring SLP and the SUSE Firewall to Work with the Novell Client for 
Linux," on page 29 


3.4.1 Setting Up SLP 


1 Launch the Novell Client Configuration Wizard by using either of the following methods:
* Click the Novell tray icon > System Settings.
* In YaST, click Network Services > Novell Client.

2 Select Service Location Protocol (OpenSLP), then click Start Wizard. 

3 Specify the following SLP information for your network: 


* Scope List: Specify the scopes that a user agent (UA) or service agent (SA) is allowed 
when making requests or registering, or the scopes that a directory agent (DA) must 
support. 


* Directory Agent List: Specify the specific DAs that UA and SA agents must use. If this 
setting is not used, dynamic DA discovery is used to determine which DAs to use. 


* Broadcast Only: Select this option to use broadcasting instead of multicasting. This
setting is not usually necessary because OpenSLP automatically uses broadcasting if
multicasting is unavailable.

SLP is designed to use IP multicasting; however, if any SLP Agent does not implement IP
multicasting, then all Agents must use broadcasting to reach that Agent. If a DA does not
support multicasting, we recommend using the Directory Agent List to configure that
Directory Agent rather than using this option.


If the network does not contain a DA, IP servers must use their own SAs to specify the 
services that are available. If the SA does not support multicasting and if there are any 
services advertised by that SA that are needed by the UA on this machine, then use the 
Broadcast Only option. 


Broadcasting has the disadvantage of being limited to the local LAN segment. 


* Maximum Results: Specify a 32-bit integer giving the maximum number of results to 
accumulate and return for a synchronous request before the time-out, or the maximum 
number of results to return through a callback if the request results are reported 
asynchronously. 


4 Complete the Novell Client Configuration Wizard. 
5 Restart the workstation. 


3.4.2 Troubleshooting SLP Configuration 


If users cannot see a list of available trees, contexts, and servers when they use the Novell Client for
Linux Login screen, use slptool, located in /usr/bin, to troubleshoot your SLP configuration.


After you start slpd (located in /usr/sbin), you should be able to issue a query for SLP service 
agents using the following command: 


slptool findsrvs service:service-agent 


This should display a list of the hosts that are running slpd, which indicates that OpenSLP is
successfully installed and working. If you do not get a list, OpenSLP is not installed correctly or is
not working. See Section 3.4.1, “Setting Up SLP,” on page 28 for more information.


3.4.3 Configuring SLP and the SUSE Firewall to Work with the 
Novell Client for Linux 

In order for the Novell Services button in your file browser to work correctly, both SLP and the
SUSE firewall must be configured properly. If OpenSLP is not installed, the SLP protocol is
disabled, or your firewall settings are turned on (as they are by default in SUSE Linux Desktop 10
SP3), a warning message is displayed when you try to scan for or access Novell services.

Figure 3-1 SLP/Firewall Message

Scanning the network gave no results. Possible reasons

1. SLP is not configured properly
2. Firewall setings prevent SLP to work correctly

Configure Firewall


Click Configure SLP to open the Novell Client Configuration Wizard. Follow the instructions in 
Section 3.4.1, “Setting Up SLP,” on page 28 to configure SLP. 


Click Configure Firewall to open the Firewall Configuration Wizard in YaST. You can turn the
firewall off, or manually configure the firewall to let SLP packets in and out. If your LAN interface
is defined as External in the SUSE firewall configuration, you can try adding SLP Daemon Rules as
an allowed service, or you can try changing your LAN interface definition to Internal.

* “Turning Off the SUSE Firewall” on page 30
* “Manually Configuring the SUSE Firewall” on page 30
* “Adding SLP Daemon Rules for External or DMZ Firewall Zones” on page 31
* “Changing Your LAN Interface Definition to Internal” on page 31


Turning Off the SUSE Firewall 


1 Launch the YaST Control Center. 
GNOME: Click Computer > More Applications > System > YaST. 
KDE: Click the menu button > System > YaST. 
2 Click Security and Users in the left column, then click Firewall in the right column. 
3 Click Stop Firewall Now, then click Next. 
4 Click Accept to close the Firewall Configuration Wizard. 


The next time you click the Novell Services button in your file browser, you should be able to 
scan for or access Novell services. 


Manually Configuring the SUSE Firewall 


To allow iptables to accept incoming unicasts from the DAs in your network, the following needs to 
be added to the firewall as the first rule (or before anything is denied). 


1 Modify the /etc/sysconfig/SuSEfirewall2 file.

Change the following lines from

#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""

to

FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
#FW_CUSTOMRULES=""

2 Modify the /etc/sysconfig/scripts/SuSEfirewall2-custom file.

In fw_custom_before_denyall() add the following:


iptables -I INPUT 1 -j ACCEPT -p udp --sport 427 


That will make SLP lookups work properly. 
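
The rule above matches on source port alone, so it accepts UDP from any host that sends from port 427, not only from the DAs. The following added example (not part of the Novell guide) builds the same rule once per Directory Agent read from net.slp.DAAddresses in /etc/slp.conf. It assumes the DAs are configured statically rather than discovered dynamically; the sample addresses and the SLP_RULE_RUNNER variable are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Novell guide: one ACCEPT rule per configured
# Directory Agent (DA) instead of a single rule for every sender.

# Constructed sample of /etc/slp.conf; the addresses are documentation-range
# placeholders. ';' and '#' start comment lines in slp.conf.
SAMPLE_SLP_CONF='# constructed sample
net.slp.useScopes = DEFAULT
;net.slp.DAAddresses = 198.51.100.9
net.slp.DAAddresses = 192.0.2.10, 192.0.2.11 ,slp-da.example.com,192.0.2.999
net.slp.isBroadcastOnly = false'

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1                 # split on dots; input holds digits and dots only
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print the DA entries of an slp.conf read on stdin, one per line, trimmed.
da_addresses() {
    sed -n 's/^[[:space:]]*net\.slp\.DAAddresses[[:space:]]*=[[:space:]]*//p' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# For every valid DA address, print (default) or run the scoped rule.
# Host names and malformed entries are reported on stderr and skipped, so a
# rule is never built from unvalidated text.
slp_da_rules() {
    da_addresses | while IFS= read -r da; do
        if is_ipv4 "$da"; then
            ${SLP_RULE_RUNNER-echo} iptables -I INPUT 1 -p udp -s "$da" --sport 427 -j ACCEPT
        else
            printf 'skipped DA entry (not an IPv4 address): %s\n' "$da" >&2
        fi
    done
}

# Hook for /etc/sysconfig/scripts/SuSEfirewall2-custom. It is only defined
# here; SuSEfirewall2 calls it. An empty SLP_RULE_RUNNER runs iptables itself.
fw_custom_before_denyall() {
    SLP_RULE_RUNNER='' slp_da_rules < /etc/slp.conf
    true
}

# Dry run on the constructed sample: prints the two rules it would add.
printf '%s\n' "$SAMPLE_SLP_CONF" | slp_da_rules
```

Directory Agents listed by host name have to be entered as addresses for this check to cover them.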


Adding SLP Daemon Rules for External or DMZ Firewall Zones 


1 Launch the YaST Control Center. 
GNOME: Click Computer > More Applications > System > YaST. 
KDE: Click the menu button > System > YaST. 
2 Click Security and Users in the left column, then click Firewall in the right column. 


3 Click Allowed Services in the left column to open the Firewall Configuration: Allowed 
Services screen. 


4 Select SLP Daemon from the Service to Allow drop-down menu, then click Add. 
5 Click Next, then click Accept. 


Changing Your LAN Interface Definition to Internal 


1 Launch the YaST Control Center. 
GNOME: Click Computer > More Applications > System > YaST. 
KDE: Click the menu button > System > YaST. 
2 Click Security and Users in the left column, then click Firewall in the right column. 


3 Click Interfaces in the left column, double-click your LAN interface, then select Internal Zone 
from the drop-down menu. 


4 Click OK, then select Start-Up in the left panel. 
5 Click Save Settings and Restart Firewall Now. 
6 Click Next, then click Accept.


Managing File Security


Novell® Open Enterprise Server (OES) and NetWare® networks restrict access to network files and 
folders based on user accounts. For example, a user connected to the network through the 
Administrator account can delete or rename a file that other users can only open and edit. 


The Novell file system keeps track of the rights that users have to files and directories on the 
network. When users try to access any file on the network, Novell File Service (NFS) either grants 
access or prohibits certain things that users can do with the file. 


It is important to note that Linux file rights do not correlate with NFS file rights. When you copy a 
file from a Linux workstation to a Novell server, the only right that is preserved is the Read-Only 
attribute. This also occurs if you copy files from one server to another by using any method other 
than NCOPY at the command terminal. 


For more information on the specific rights on NetWare and OES servers, see “File Services”
(http://www.novell.com/documentation/oes/implgde/data/filesvcs.html) in the Novell OES Planning and
Implementation Guide.


For additional information on file system attributes, see the File Systems Management Guide for 
OES (http://www.novell.com/documentation/oes/stor filesys/data/hnOr5fzo.html). 


Rights are granted and revoked by creating trustee assignments. For more information, see 
Section 4.2, “Changing Trustee Rights,” on page 35. 


This section explains the following: 


* Section 4.1, “Checking File or Folder Rights,” on page 33 
* Section 4.2, "Changing Trustee Rights," on page 35 

* Section 4.3, "Adding a Trustee," on page 35 

* Section 4.4, "Removing a Trustee," on page 36 


* Section 4.5, "Combining Multiple Trustees," on page 36 


4.1 Checking File or Folder Rights 


1 In a file manager, right-click a Novell file system directory or file.
2 Do one of the following:
* GNOME: Click Novell Properties.
* KDE: Click Actions > Novell Properties.
3 Click the Novell Rights tab.

[Screenshot: Novell Rights tab of the LOGIN Properties dialog box, showing the Trustees list with the rights columns S R W E C M F A, the Inherited Rights and filters button, and the Effective Rights area (Read, Write, Erase, Create, Modify, File Scan, Access Control, Supervisor).]


4 View the information. 


The Trustees list shows the users or groups that have been granted rights to work with this file 
or folder. The trustees' rights to the folder also apply to all the files and subfolders it contains
unless the rights are explicitly redefined at the file or subfolder level. 


The rights that each trustee has are shown by check marks under the letters. If you are viewing 
the properties of multiple files, the trustees and rights shown are the combined trustees and 
rights for all the files. 


Effective Rights displays your rights for this file or folder. Users can receive rights in a number 
of ways, such as explicit trustee assignments, inheritance, and security equivalence (see 
eDirectory Rights Concepts (http://www.novell.com/documentation/edir88/edir88/data/ 
fbachifb.html) in the Novell eDirectory 8.8 Administration Guide for more information). Rights 
can also be limited by Inherited Rights Filters and changed or revoked by lower trustee 
assignments. The net result of all these actions—the rights a user can employ—are called 
effective rights. 


5 To view a list of rights and filters inherited by this file or directory, click Inherited Rights and
filters.


All rights assignments on directories are inheritable. You can block such inheritance on 
individual subordinate items so that the rights aren't effective on those items, no matter who the 
trustee is. One exception is that the Supervisor right can't be blocked. 


6 Click OK.


4.2 Changing Trustee Rights


The assignment of rights involves a trustee and a target object. The trustee represents the user or set 
of users that are receiving the authority. The target represents those network resources the users have 
authority over. You must have the Access Control right to change trustee assignments. 


1 In a file manager, right-click a Novell file system directory or file.

2 Do one of the following:
* GNOME: Click Novell Properties.
* KDE: Click Actions > Novell Properties.

3 Click the Novell Rights tabbed page.


4 In the Trustees list, select the trustee whose rights you want to change. 


5 Select or deselect the rights you want to assign for this trustee. 


For each trustee in the list, there is a set of eight check boxes, one for each right that can be 
assigned. If a check box is selected, the trustee has that right. The following rights can be set 
for each trustee: 


* Read: For a directory, grants the right to open files in the directory and read the contents
or run the programs. For a file, grants the right to open and read the file.

* Write: For a directory, grants the right to open and change the contents of files in the
directory. For a file, grants the right to open and write to the file.

* Erase: Grants the right to delete the directory or file.

* Create: For a directory, grants the right to create new files and directories in the directory.
For a file, grants the right to create a file and to salvage a file after it has been deleted.

* Modify: Grants the right to change the attributes or name of the directory or file, but does
not grant the right to change its contents (changing the contents requires the Write right).

* File Scan: Grants the right to view directory and file names in the file system structure,
including the directory structure from that file to the root directory.

* Access Control: Grants the right to add and remove trustees for directories and files and
modify their trustee assignments and Inherited Rights Filters.

* Supervisor: Grants all rights to the directory or file and any subordinate items. The
Supervisor right can't be blocked by an Inherited Rights Filter. Users with this right can
grant or deny other users rights to the directory or file.


6 Click OK. 


Trustee assignments override inherited rights. To change an Inherited Rights Filter, click Inherited
Rights and filters.
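
The interaction of trustee assignments, inheritance, and Inherited Rights Filters described in Sections 4.1 and 4.2 can be worked through for one trustee, as in this added example (not part of the Novell guide). It assumes a single trustee with no group membership or security equivalence, reads "any subordinate items" as meaning that a Supervisor right from above also survives a lower assignment, and uses constructed directory names and rights.

```shell
#!/bin/sh
# Added example: single-trustee effective-rights walk for the Novell file
# system rights S R W E C M F A (Supervisor, Read, Write, Erase, Create,
# Modify, File Scan, Access Control). Rights gained through groups or
# security equivalence are outside this model.

ALL_RIGHTS=SRWECMFA

# Print the rights present in both $1 and $2, in SRWECMFA order.
rights_and() (
    out=
    for r in S R W E C M F A; do
        case "$1" in *"$r"*)
            case "$2" in *"$r"*) out=$out$r ;; esac ;;
        esac
    done
    printf '%s\n' "$out"
)

# effective_rights LEVEL...
# Each LEVEL is "IRF:ASSIGNMENT", ordered from the top directory down to the
# target. IRF lists the rights that level lets through from its parent.
# ASSIGNMENT is the trustee's explicit assignment at that level, "-" when
# there is none, or empty when the assignment grants no rights at all.
effective_rights() (
    eff=
    for level in "$@"; do
        irf=${level%%:*}
        grant=${level#*:}
        case "$eff" in
            *S*) continue ;;    # Supervisor from above covers all subordinate items
        esac
        if [ "$grant" != "-" ]; then
            # An explicit trustee assignment overrides whatever was inherited.
            eff=$(rights_and "$grant" "$ALL_RIGHTS")
        else
            # Inherited rights pass through this level's Inherited Rights Filter.
            eff=$(rights_and "$eff" "$irf")
        fi
    done
    case "$eff" in *S*) eff=$ALL_RIGHTS ;; esac    # Supervisor grants every right
    printf '%s\n' "${eff:-none}"
)

# Constructed walk: /projects (trustee assigned RWCF) -> /projects/hr (filter
# lets only R and F through) -> /projects/hr/plan.txt (no filter, no
# assignment). Prints the rights the trustee can use on plan.txt.
effective_rights "SRWECMFA:RWCF" "RF:-" "SRWECMFA:-"
```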


4.3 Adding a Trustee 


When you add a trustee to a Novell file system directory or file, you grant a user (the trustee) rights 
to that directory or file. You must have the Access Control right to add a trustee. 


1 In a file manager, right-click the Novell file or directory that you want to add a trustee to.

2 Do one of the following:
* GNOME: Click Novell Properties.
* KDE: Click Actions > Novell Properties.

3 Click the Novell Rights tab.


4 In the tree diagram, locate the eDirectory™ user object that you want to add as a trustee, then 
click Add. 


5 Set the rights for this user by selecting the boxes under the letters on the right of the Trustees 
list. 


The following rights can be set for each trustee: 


* Read: For a directory, grants the right to open files in the directory and read the contents 
or run the programs. For a file, grants the right to open and read the file. 


* Write: For a directory, grants the right to open and change the contents of files in the 
directory. For a file, grants the right to open and write to the file. 


* Erase: Grants the right to delete the directory or file. 


* Create: For a directory, grants the right to create new files and directories in the directory. 
For a file, grants the right to create a file and to salvage a file after it has been deleted. 


* Modify: Grants the right to change the attributes or name of the directory or file, but does 
not grant the right to change its contents (changing the contents requires the Write right). 


* File Scan: Grants the right to view directory and file names in the file system structure, 
including the directory structure from that file to the root directory. 


* Access Control: Grants the right to add and remove trustees for directories and files and 
modify their trustee assignments and Inherited Rights Filters. 


* Supervisor: Grants all rights to the directory or file and any subordinate items. The 
Supervisor right can't be blocked by an Inherited Rights Filter. Users with this right can 
grant or deny other users rights to the directory or file. 


6 Click OK. 


4.4 Removing a Trustee 


When you remove a trustee of a Novell file system directory or file, you delete a user's rights to that 
directory or file. You must have the Access Control right to remove a trustee. 
1 In a file manager, right-click the Novell file or directory whose trustee you want to remove.
2 Do one of the following:
* GNOME: Click Novell Properties. 
* KDE: Click Actions > Novell Properties. 
3 Click the Novell Rights tab. 
4 In the Trustees list, select the trustee you want to remove. 
5 Click Remove, then click OK. 


4.5 Combining Multiple Trustees 


As an administrator, you might need to apply the same trustee assignments to a group of selected
files. You can combine trustee assignments by selecting the Combine multiple Trustees option on the
Novell Rights page.

For example, Kim is a trustee of FILEA and FILEB. Kim has Read, File Scan, and Access Control
rights for FILEA and Read and File Scan rights for FILEB. Nancy has Read and File Scan rights for
FILEA.


If you give a new user named Michael the Read, Write, and File Scan rights for both FILEA and 
FILEB and, at the same time, you want to give similar trustee rights to Kim and Nancy, you would 
select Combine Multiple Trustees. The following would then be true: 


* Kim has Read and File Scan rights to both FILEA and FILEB. Her Access Control right is lost 
because the combined rights are based on the rights given to Michael. 


* Nancy has Read and File Scan rights to both FILEA and FILEB. She has gained Read and File 
Scan rights to FILEB because the combined rights are based on the rights given to Michael. 


* Michael has Read, Write, and File Scan rights to both FILEA and FILEB. 
To combine multiple trustees: 


1 In a file manager, select all the Novell files or directories that you want to combine rights for.
2 Right-click the files or directories, then select one of the following: 
* GNOME: Click Novell Properties. 
* KDE: Click Actions > Novell Properties. 
3 Click the Novell Rights tab. 
4 Click Combine multiple Trustees, then click OK. 




Security Considerations 


This section contains the following topics:

* Section 5.1, “Security Features,” on page 39
* Section 5.2, “Known Security Threats,” on page 40
* Section 5.3, “Security Characteristics,” on page 40
* Section 5.4, “New and Modified Files,” on page 41
* Section 5.5, “Other Security Considerations,” on page 44


5.1 Security Features


The following table contains a summary of the Novell Client for Linux security features:


Table 5-1 Novell Client for Linux Security Features

| Feature | Yes/No | Details |
|---|---|---|
| Users are authenticated | Yes | GUI and command line login utilities support authentication of NCP™ and LDAP connections via user authentication into eDirectory™. NCP protocol authentication is supported via RSA and LDAP authentication is supported via SSL and Simple Bind protocol. |
| Servers, devices, and/or services are authenticated | Yes | Connections to servers are authenticated via user-supplied credentials. No device authentication is supported directly by the Client. |
| Access to information is controlled | Yes | The product's Virtual File System (VFS) component (located in Linux Kernel space) is the gatekeeper for enforcement of access controls to Novell file systems. |
| Roles are used to control access | No | No explicit use of roles is included in this product. eDirectory alias objects can be created, but this is not considered true role-based access and is not specifically supported or administered through this product. |
| Logging and/or security auditing is done | No | Security logging and auditing features are not supplied by nor supported by this product. |
| Data on the wire is encrypted by default | No | No wire encryption is supplied by this product. |
| Data stored is encrypted | No | This product does not provide long-term storage of data. |
| Passwords, keys, and any other authentication materials are stored encrypted | Yes | Passwords and other authentication materials in temporary storage are encrypted to prevent in-memory scanners. |
| Security is on by default | Yes | There are no configuration options to enable or disable with the exception of packet signing. Packet signing is enabled by default. |
| FIPS 140-2 compliant | No | This product currently uses the ATB (authentication toolbox) instead of the Novell NICI product. Therefore, this product is not FIPS 140-2 compliant because ATB itself is not FIPS-compliant. |


5.2 Known Security Threats 


The following section provides a list of known security threats for the Novell Client for Linux, an 
indication of how difficult it would be to exploit the threat, and what the consequences would be for 
a customer. 


Table 5-2 Known Security Threats 


| Description | Consequence | Likelihood | Difficulty |
|---|---|---|---|
| Repetitive password cracking attempts | Intruder detection lockout | Low | Hard |
| “Stale” passwords | Password expiration, grace login enforcement | High | Hard |
| Attempted access out-of-hours or from unauthorized locations | Date/Time and Location restrictions at login | Medium | Easy |
| Port scanners | Unsuccessful pass of Nessus* scans; possible port hijacking | Medium | Possible |
| Man-in-the-middle attacks | NCP request sequencing, packet signing | Low | Hard |
| Wire frame examination and manipulation | Same protections as with other Novell products utilizing NCP and RSA-based authentication | Low | Hard |
| Memory scanning for sensitive data | All buffers containing sensitive data (passwords) are short-term in nature and are zeroed and/or freed immediately after use. | Low | Hard |


5.3 Security Characteristics 


* Section 5.3.1, “Identification and Authentication,” on page 41
* Section 5.3.2, “Authorization and Access Control,” on page 41
* Section 5.3.3, “Roles,” on page 41
* Section 5.3.4, “Security Auditing,” on page 41


5.3.1 Identification and Authentication


This product uses XTier to authenticate users via user identity information stored in eDirectory and 
resource authorization and access control provided by eDirectory. The product takes a user name 
and password supplied directly by the user and transfers that information to XTier for use within its 
supported authentication mechanisms (via XTier’s plug-in authentication module architecture). If 
configured to do so, this product authenticates (using PAM NAM (Linux User Management)) to 
eDirectory through SSL and LDAP Simple Bind Protocol. 


This product does not itself authenticate to another product, system or service. No portion of this 
product authenticates to another. 


5.3.2 Authorization and Access Control 


This product allows the protections supplied by eDirectory for access control to be fully realized for 
those resources that are contained within eDirectory. Access to resources is protected based on user 
identity (as stored within eDirectory). The VFS, daemon, and XTier work together to compare 
ACLs for a given file system path or object retrieved from eDirectory to the identity and session 
scope established for the identity that owns a given connection. 


The VFS acts as a proxy to the local file system (via redirection of its local mount point) to make 
such decisions for network-based file system paths or objects. 


5.3.3 Roles 


This product does not define or manage roles. It simply makes use of roles that have already been 
defined elsewhere and treats role access privileges in the same way as any user identity. 


Because the product has a VFS module running in the kernel, it does not require root access for 
users to create mount points (as do NCPFS and other similar open source offerings to date). The 
product does not require use of SETUID for any of its operations. 


5.3.4 Security Auditing 


No security auditing is performed by this product. 


5.4 New and Modified Files 


The following sections describe the files that are added or modified during the installation of the 
Novell Client for Linux. 


* Section 5.4.1, “Configuration Files,” on page 42
* Section 5.4.2, “PAM Login Files,” on page 42
* Section 5.4.3, “User Profile Startup Files,” on page 43
* Section 5.4.4, “KDE and GNOME Desktop Startup Files,” on page 43
* Section 5.4.5, “Installation Files,” on page 43


5.4.1 Configuration Files


Table 5-3 New and Modified Configuration Files 


File New Modified Description 
SHOME/.novell/ncl/ X Local user autologin configuration file. All fields in the 
StartupLogin.conf Novell Login dialog box (except the password) are 


stored in this file. 


SHOME/.novell/ncl/ This user configuration file specifies the drive mapping 

MapDrives.conf to run at startup. Integrated login is not required, but 
credentials must be saved or the login dialog box is 
displayed to get the password at desktop startup. 


/etc/opt/novell/ncl/ Optional global configuration file that overrides 

login.conf defaults. This file is modified only by the root user, 
normally with YaST through the Novell Client 
Configuration Wizard for the login page (click the 
Novell Tray icon, select System Settings, and start the 
Login wizard). 


5.4.2 PAM Login Files 


Table 5-4 New and Modified PAM Login Files 


File    New    Modified    Description 

/lib/security/pam_ncl_autologin.so    X    This file queries CASA credentials, verifies if autologin is allowed, verifies the user with credentials, then authenticates. This file is used in the context of integrated login. 

/etc/pam.d/xdm    X    PAM configuration file for the X Display Manager login. 

/etc/pam.d/gdm    X    PAM configuration file for the GNOME* Display Manager login. 

/etc/pam.d/kdm    X    PAM configuration file for the KDE Display Manager login. 

/etc/pam.d/sshd    X    PAM configuration file for SSH login. 


A "required" authentication module is added for each of the above GUI logins. The added text is 
auth required pam_ncl_autologin.so, which is added after the pam_micasa.so module 
(if it exists). 


Authentication is not added for the two console login authentication files, /etc/pam.d/login and 
/etc/pam.d/sshd. This modification is done at install time and is removed at uninstall time. 


IMPORTANT: For the root user, no tree authentication is performed, no automatic login scripts 
are run, and no drives are mapped. Therefore, the pam_ncl_autologin.so module always returns 
SUCCESSFUL, having done nothing for the root user. 
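
The placement rule above can be checked mechanically. The following is an added example, not part of the Novell guide or the product: a POSIX shell audit that reports, for each PAM service file, whether an auth line for pam_ncl_autologin.so is present, uses the "required" control flag, and follows pam_micasa.so, and that expects the module to be absent from login and sshd. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Novell code): audit PAM service files for the
# pam_ncl_autologin.so entry described in Section 5.4.2.

# pam_autologin_status FILE -> prints one of:
#   absent        no active auth line loads pam_ncl_autologin.so
#   not-required  loaded, but the control flag is not "required"
#   misordered    loaded before a pam_micasa.so auth line
#   ok            "auth required", and after pam_micasa.so when that is present
# Only lines in FILE itself are read; "include" targets are not followed.
pam_autologin_status() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        {
            type = $1; sub(/^-/, "", type)     # "-auth" is still an auth line
            if (type != "auth") next
            ctl = $2; m = 3
            if (ctl ~ /^\[/)                   # [value=action ...] may contain spaces
                while (ctl !~ /\]$/ && m <= NF) { ctl = ctl " " $m; m++ }
            mod = $m; sub(/.*\//, "", mod)     # accept absolute module paths
            pos++
            if (mod == "pam_micasa.so") micasa = pos
            if (mod == "pam_ncl_autologin.so") { ncl = pos; nclctl = ctl }
        }
        END {
            if (!ncl)                          print "absent"
            else if (nclctl != "required")     print "not-required"
            else if (micasa && micasa > ncl)   print "misordered"
            else                               print "ok"
        }
    ' "$1"
}

# audit_pam_dir DIR -> one PASS/FAIL line per service file found in DIR.
# GUI logins are expected to be "ok"; the console files login and sshd are
# expected to be "absent". Returns 1 if any file differs.
audit_pam_dir() {
    dir=$1; rc=0
    for svc in xdm gdm kdm login sshd; do
        [ -f "$dir/$svc" ] || continue
        case $svc in
            login|sshd) want=absent ;;
            *)          want=ok ;;
        esac
        got=$(pam_autologin_status "$dir/$svc")
        if [ "$got" = "$want" ]; then flag=PASS; else flag=FAIL; rc=1; fi
        printf '%-5s %-6s expected=%-7s found=%s\n' "$flag" "$svc" "$want" "$got"
    done
    return "$rc"
}

# Constructed sample files (not taken from a real system).
make_sample_pam_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#%PAM-1.0' 'auth required pam_micasa.so' \
        'auth required pam_ncl_autologin.so' 'auth include common-auth' > "$d/gdm"
    printf '%s\n' 'auth required pam_ncl_autologin.so' \
        'auth required pam_micasa.so' > "$d/xdm"
    printf '%s\n' 'auth [success=ok default=ignore] pam_ncl_autologin.so' > "$d/kdm"
    printf '%s\n' 'auth required pam_ncl_autologin.so' > "$d/login"
    printf '%s\n' 'auth include common-auth' > "$d/sshd"
    echo "$d"
}

sample=$(make_sample_pam_dir)
audit_pam_dir "$sample" || echo "one or more PAM files differ from the documented state"
rm -rf "$sample"
```

To audit a live workstation, call audit_pam_dir /etc/pam.d instead of using the sample directory.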
5.4.3 User Profile Startup Files 


Table 5-5 New and Modified User Profile Startup Files 


File    New    Modified    Description 

/etc/profile.d/novell-ncl-autologin.sh    X    If integrated login is enabled, then this shell script copies the ncl_autologin.desktop file to $HOME/.config/autostart directory. 

/opt/novell/ncl/bin/ncl_autologin.desktop    This desktop file is copied to $HOME/.config/autostart directory to enable integrated login. 


5.4.4 KDE and GNOME Desktop Startup Files 


Table 5-6 New or Modified Desktop Startup Files 


File    New    Modified    Description 

$HOME/.config/autostart/ncl_autologin.desktop    X    Common Startup file for ncl_autologin. 

/opt/novell/ncl/bin/ncl_autologin    X    Validates and runs nwlogin or gnwlogin. 

/opt/novell/ncl/bin/nwlogin    This existing file silently authenticates and processes scripts. 

/opt/novell/ncl/bin/gnwlogin    X    GUI for authentication, processing scripts, and saving settings. This file adds a new tab (called Startup) to the Novell Login dialog box, which allows users to save their current login settings for use during the next system startup to automatically log in the user. When the user clicks Clear Profile on the Startup tab, the $HOME/.novell/ncl/StartupLogin.conf file is deleted. When the user clicks Save Current Profile, the settings are used to authenticate the user (but not run login scripts). If authentication is successful (CASA stores those credentials), the current settings are written to StartupLogin.conf. 


5.4.5 Installation Files 


Table 5-7 New Installation Files 


File    New    Modified    Description 

/opt/novell/ncl/bin/delete_login_profiles    X    Run from YaST to purge all profiles. 

/opt/novell/ncl/bin/login_cfg_pam    X    Inserts pam_ncl_autologin into PAM file. 

/opt/novell/ncl/bin/login_ucfg_pam    X    Removes pam_ncl_autologin from PAM file. 


5.5 Other Security Considerations 


If root is compromised, all network access could also be compromised. For example, if a malicious 
entity gets root access, it might be able to steal user credentials and authenticate to the network 
with those credentials. 
Troubleshooting Tips 


This section describes some issues you might experience with Novell Client and provides 
suggestions for resolving or avoiding them. 


6.1 Novell Client tray sometimes displays an error message on logging in to a desktop on which LUM is configured. 


After the user logs in to the desktop on which Linux User Management (LUM) is configured, Novell 
Client tray might sometimes display the following error message: 


The novfs kernel loadable module is not installed correctly 


This occurs because namcd fails to start on the machine. Novell Client requires services such as 
novell-xregd and namcd when they are configured. namcd fails to start for one or more of 
the following reasons: 


* Cause: The remote LDAP server that LUM is configured against is not responding. 

  Symptom: The following error is displayed in /var/log/messages: 

  ldap_initconn: LDAP bind failed (error = [81]), trying to connect to alternative LDAP server 

  Solution: Ensure that the LDAP server that LUM is configured against is available, and restart 
  namcd. 

* Cause: An attempt is made to start namcd before Network Manager is started. 

  Symptom: The following error messages are displayed in /var/log/messages: 

  network: If service network should wait until connection is established 
  network: then set /etc/sysconfig/network/config:NM_ONLINE_TIMEOUT 

  Solution: Set an appropriate value for the variable NM_ONLINE_TIMEOUT in the file 
  /etc/sysconfig/network/config so that all other dependent services wait for 
  Network Manager to come up for at least the specified timeout duration. A suggested duration 
  is 20, which indicates a timeout of 20 seconds. 


NOTE: Alternatively, namcd can be configured to start from the local cache itself. This allows 
the desktop to start up without the error even when the network is not available. To do this, run the 
following command: 


namconfig cache-only-yes 


After any of the above solutions is implemented, restart the following services: 

1. Restart namcd by running the following command: 

   rcnamcd restart 

2. Restart novell-xregd as root by running the following command: 

   rcnovell-xregd restart 

3. Restart novfsd as root by running the following command: 

   rcnovfsd restart 

4. Manually launch the Novell Client tray application by running the command 
   /opt/novell/ncl/bin/ncl_tray either on the command line of a terminal window or in the 
   Run Application utility, which can be launched by pressing Alt-F2. 


If any of these commands displays errors, restart the Linux* machine. 
The Novell Client for Linux Command Line Utilities 


The Novell® Client™ for Linux provides a set of command line utilities that let you start and stop 
the Novell Client daemon, install and uninstall the Novell Client for Linux, load the Novell Client 
for Linux tray application, list active connections for the currently logged-in user, copy files and 
directories to and from Novell file systems, display or modify the attributes of files and directories 
on Novell file systems, log a user in to or out of a Novell file server or eDirectory™ tree, map a local 
file system to a remote file system on a Novell file server, and display or modify a user’s trustee 
assignments or inherited rights filter for volumes, directories, or files. 


The utilities are located in the /opt/novell/ncl/bin directory, and include the following: 


* Section A.1, “Shell Commands,” on page 47 

* Section A.2, “GUI Utilities,” on page 48 


A.1 Shell Commands 


Table A-1 The Novell Client for Linux Shell Commands 


Utility    Description    Syntax 

ncl_tray    Loads the Novell Client for Linux tray application and allows customization of the tray interface.    ncl_tray [--waitfortray <integer>] [--author] [--] [-v] [-h] 

nwconnections    Lists active connections for the currently logged-in user.    nwconnections [--] [-v] [-h] 

nwcopy    Copies files and directories to and from Novell file systems.    nwcopy flags -p source path -t target path 

nwflag    Displays or modifies the attributes of files and directories on Novell file systems.    nwflag (-a|-n) (-w|-e eDir object|+|- attr modifier) [-s] [-d|-f] [--] [-v] [-h] URI1 {URI2} {URI3} 

nwlogin    Logs a user in to a Novell file server or an eDirectory tree.    nwlogin [-u string] [-p string] [-t string] [-c string] [-s string] [-r] [-L path] [-P path] [-2 string] [-3 string] [-4 string] [-5 string] [--] [-v] [-h] 

nwlogout    Logs the user out of a Novell or eDirectory tree.    nwlogout (-s string|-t string) [-f] [--] [-v] [-h] 

map    Creates a mapping (mount) from a local file system to a remote file system on a Novell file server.    map -d drive -s server -v volume -f filespec or, map options | parameters drive:=path | local path:=remote path 

nwrights    Displays or modifies a user's trustee assignments or inherited rights filter for volumes, directories, or files.    nwrights flags -r +|-rights list -o user or group object -p network path 


A.2 GUI Utilities 


Table A-2 The Novell Client for Linux GUI Utilities 


Utility Description 


gnwconnections Displays the Novell Connections dialog box, which lets you see what servers and 
trees you are logged in to, refresh connections, set a specific tree as your 
primary connection, or log out of a tree or server. 


gnwlogin Displays the Novell Login dialog box. For more information on using this dialog 
box, see “Logging In to the Network" in the Novell Client 2.0 SP3 for Linux User 
Guide. 

gnwpurge GUI utility to purge salvaged files. 

gnwsalvage GUI utility to salvage deleted files. 


A.3 Using the Novell Client for Linux Man Pages 


Each of the utilities has a man page associated with it that contains information on the utility, such as 
a definition, usage, and samples. There is a known bug related to the MANPATH environment 
variable on both SUSE® Linux Enterprise Desktop and SUSE Linux. The ncl_man utility has been 
provided for convenience until the MANPATH bug is resolved. You should use the ncl_man command 
(instead of the traditional man command) to view NCL-related man pages. To do this, enter the 
following in a terminal the first time you want to view a Novell Client for Linux man page: 


/opt/novell/ncl/bin/ncl_man 


This modifies the MANPATH to allow the Novell Client man pages to be displayed. You can then 
access the man page for a specific Novell Client for Linux utility by entering the following: 


ncl_man utility_name 

For example: 

ncl_man ncl_tray 


In the man pages, use the PgUp and PgDn keys to move up and down. Use the Home and End keys 
to move between the beginning and the end of a document. To exit a man page, press q. You can 
learn more about the man command by entering man man in a terminal window. 


You can also enter utility_name --help in a terminal window to access a help page for the 
utility. 


For more information, see Appendix B, “Novell Client for Linux Man Pages,” on page 51. 
Novell Client for Linux Man Pages 


* “gnwlogin(1)” on page 52 

* “login.conf(4)” on page 55 

* “mapdrives.conf(4)” on page 57 

* “ncl_install(8)” on page 59 

* “ncl_man(1)” on page 61 

* “ncl_tray(1)” on page 62 

* “nwconnections(1)” on page 63 

* “nwcopy(1)” on page 64 

* “nwflag(1)” on page 66 

* “nwlogin(1)” on page 69 

* “nwlogout(1)” on page 72 

* “nwmap(1)” on page 74 

* “nwpurge(1)” on page 76 

* “nwrights(1)” on page 78 

* “nwsalvage(1)” on page 80 

* “nwsend(1)” on page 82 

* “StartupLogin.conf(4)” on page 83 

* “StartupMaps.conf(4)” on page 86 
gnwlogin(1) 


Name 


gnwlogin - Logs a user in to a Novell file server or an eDirectory tree. 


Syntax 

gnwlogin [--author] [-x] [--auto] [--passenv] [-D] [-d] [-A] [-a] [-R] [-r] [-L 
<loginscript>] [-P <profilescript>] [-5 <value>] [-4 <value>] [-3 <value>] [-2 
<value>] [--clearconn] [-c <context>] [-u <name>] [-s <server>] [-t <tree>] 
[--] [-v] [-h] 

Description 


The gnwlogin utility allows a user to log in to a Novell file server or eDirectory tree. Running the 
gnwlogin command launches the Novell Login dialog box. You can add variables and strings to run 
additional scripts and modify variables. 


You must specify the username, password, tree, context, and server. 


Options 


-c <context>, --context <context> 


Specifies the context that the user is logging in to. This value is required. 


-u <name>, --user <name> 


Specifies the user's eDirectory username. This value is required. 


-s <server>, --server <server> 


Specifies the server that the user is logging in to. This value is required. 


-t <tree>, --tree <tree> 


Specifies the tree that the user is logging in to. This value is required. 


--author 


Show author information. 


-x, --anotherapp 


Running from another application indicator. 


--auto 


Automatically log in. You can use this option along with the --passenv option to keep the 
Novell Login dialog box from pausing on the password prompt. 


--passenv 


Specifies the password via the NWPassword environment variable. You can set NWPassword 
to be the password that you want login to use (when you pass it using --passenv) instead of 
specifying the password on the command line. 


For example: 


export NWPassword=novell 

gnwlogin -t mytree -c mycontext -u admin --auto --passenv 


-D, --displayoff 


Turns the display results window off. 


-d, --displayon 


Turns the display results window on. 


-A, --closeoff 


Close automatically off. 


-a, --closeon 


Close automatically on. 


-R, --runoff 


Any scripts associated with the specified username are not run. 


-r, --runon 


Runs any scripts associated with the specified username. 


-L <loginscript>, --loginscript <loginscript> 


Runs the specified login scripts during login. 


-P <profilescript>, --profilescript <profilescript> 


Runs the specified Profile login scripts during login. 


-5 <value>, --var5 <value> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


-4 <value>, --var4 <value> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


-3 <value>, --var3 <value> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


-2 <value>, --var2 <value> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


--clearconn 


Clears existing server connections before logging in to the current server. 


--, --ignore_rest 


Ignores the rest of the labeled arguments following this flag. 


-v, --version 


Displays version information and exits. 


-h, --help 


Displays usage information and exits. 


Authors 


Copyright 2007-2009, Novell, Inc. All rights reserved. http://www.novell.com 


See Also 
nwlogin(1) 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
login.conf(4) 


Name 


login.conf - Novell Client for Linux system-wide configuration file. 


Files 


/etc/opt/novell/ncl/login.conf 


Description 


This file can be modified only by the root user, normally with YaST through the Novell Client 
Configuration Wizard for the login page (click the Novell Tray icon, select System Settings, and start 
the Login Wizard). 


Usage 


Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#), 
are ignored. 


Advanced_Button=[true or false] 


Enables or disables the Advanced button on the Login dialog box. 


Allow_Integrated_Login=[true or false] 


Globally enables or disables automatic login for the workstation. 


Allow_Integrated_LoginGUI=[true or false] 


If authentication fails, calls gnwlogin so the user can reenter his or her password. 


Clear_Username=[true or false] 


Clears the previous username from the User Name field in the Login dialog box. 


Debug_Level=[0-9] 


Turns on syslog logging of warnings and debug for PAM authentication, login, and 
mapping (no interface, must be edited by the root user). 0=(default) no debug, 9=highest 
debug. 


Default_Context=<context> 


Specify a default context to appear in the Context field on the eDirectory tab of the Login 
dialog box. 


Default_Tree=<tree> 


Specify a default tree name to appear in the Tree field on the eDirectory tab of the Login dialog 
box. 


Examples 


A sample login.conf file is given below: 


Clear_Username=true 
Allow_Integrated_Login=false 
Default_Tree=mycompany 
Default_Context=marketing 
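
The entries above can be read back and reviewed with a short script. This is an added example, not part of the Novell guide or the product: a POSIX shell reader that follows the Usage rules (blank lines and lines starting with # are ignored) and reports whether integrated login is enabled, whether Debug_Level is above its default of 0, and whether the file is writable by anyone other than its owner. The function names, the sample file, the trimming of spaces around "=" and the last-occurrence-wins rule are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not Novell code): read and review login.conf settings.

# login_conf_get FILE KEY [DEFAULT] -> prints the value of KEY, or DEFAULT.
# Blank lines and lines starting with "#" are ignored, as login.conf(4) states.
# Assumptions of this sketch: spaces around "=" are trimmed and the last
# occurrence of a key wins.
login_conf_get() {
    awk -v key="$2" -v def="${3-}" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next                       # not a key=value entry
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# login_conf_findings FILE -> one line per setting worth a reviewer's attention.
login_conf_findings() {
    f=$1
    auto=$(login_conf_get "$f" Allow_Integrated_Login unset)
    dbg=$(login_conf_get "$f" Debug_Level 0)
    case $auto in
        true)  echo "integrated-login: enabled for the whole workstation" ;;
        false) ;;
        unset) echo "integrated-login: not set, the client default applies" ;;
        *)     echo "integrated-login: unrecognised value '$auto'" ;;
    esac
    case $dbg in
        0)     ;;
        [1-9]) echo "debug-level: $dbg, PAM, login and mapping debug goes to syslog" ;;
        *)     echo "debug-level: unrecognised value '$dbg'" ;;
    esac
    # The guide says only root modifies this file, so group or world write
    # permission is reported.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "permissions: writable by group or others"
    fi
}

# Constructed sample file (not taken from a real workstation).
make_sample_login_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample
Clear_Username=true
Allow_Integrated_Login = true

Debug_Level=9
# Default_Context=marketing
Default_Tree=mycompany
EOF
    echo "$f"
}

sample=$(make_sample_login_conf)
chmod 644 "$sample"
login_conf_findings "$sample"
rm -f "$sample"
```

On a workstation, run login_conf_findings /etc/opt/novell/ncl/login.conf.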


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
mapdrives.conf(4) 


Name 


mapdrives.conf - Novell Client for Linux user configuration file. 


Files 


$HOME/.novell/ncl/MapDrives.conf 


Description 


Allows you to specify drive mappings to run at startup. Integrated Login is not required, but 
credentials must be saved or the login dialog box appears to get the password at desktop startup. 


Usage 


Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#), 
are ignored. 


[/home/steve/Desktop/Q] 


Location and name of drive link. 


UserName=<username> 
Tree=<name of tree> 
Context=<context> 


Append to UserName for a Fully Distinguished Name. 


[/home/steve/Desktop/next_drive] 


Examples 


A sample MapDrives.conf file is given below: 


n4u.base.tree-name=EXAMPLE-TREE 
n4u.base.dclient.use-udp=0 
n4u.base.slp.max-wait=30 
n4u.nds.advertise-life-time=3600 
n4u.nds.dibdir=/var/nds/dib 
n4u.nds.server-name=SAMPLE-SERV 
n4u.nds.server-context=0=sampl 
n4u.nds.external-reference-life-span=192 
n4u.nds.inactivity-synchronization-interval=60 
n4u.nds.synchronization-restrictions=off 
n4u.nds.janitor-interval=2 
n4u.nds.backlink-interval=7 

Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
ncl_install(8) 


Name 


ncl_install - Install, uninstall, or verify the installation of Novell Client for Linux components. 


Syntax 


ncl_install [ install | upgrade | uninstall | verify | information | files ] [ force ] 


Description 


Allows you to install, upgrade, and uninstall the Novell Client for Linux packages. You can also run 
it to verify the installation of the files. 


You must be logged in as root to run this utility. 


Options 


install 


Installs all Novell Client for Linux packages. 


install force 


Forces the installation of all Novell Client for Linux packages. 


upgrade 


Upgrades all Novell Client for Linux packages. 


upgrade force 


Forces the upgrade of all Novell Client for Linux packages. 


uninstall 


Uninstalls all Novell Client for Linux packages. 


information 


Displays the package information for all installed Novell Client for Linux packages. 


files 


Displays a list of all files related to the packages installed with Novell Client for Linux. 


verify 


Verifies installation of all installed Novell Client for Linux packages. 


help 


Displays help for ncl_install. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
ncl_man(1) 


Name 


ncl_man - Displays the Novell Client for Linux man pages. 


Syntax 


ncl_man <Novell Client man page name> 


Description 


The ncl_man utility modifies the MANPATH to allow the Novell Client man pages to be displayed. 


If you enter man <Novell Client man page name>, the following error is displayed: 

No manual entry for <Novell Client man page name>. 

Entering ncl_man <Novell Client man page name> adds the Novell Client man path to the 
MANPATH and launches man, which displays the specified man page. 

Usage 


ncl_man 


Displays a list of all Novell Client man pages. 


ncl_man <Novell Client man page name> 


Modifies the MANPATH and launches man to display the specific man page. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
ncl_tray(1) 


Name 


ncl_tray - Loads the Novell Client for Linux tray application. 


Syntax 


ncl_tray [--waitfortray <integer>] [--author] [--] [-v] [-h] 


Description 


Allows you to manually load the Novell Client for Linux tray application. This application provides 
GUI access to Novell Client functionality such as login, logout, mapping drives, and many other 
functions. It requires the X Windows System to be running, because it is a GUI application. 


Options 


Basic Options: 


--waitfortray <integer> 


Wait for tray (value required). 


--author 


Shows author information. 


--, --ignore_rest 


Ignores the rest of the labeled arguments following this flag. 


-v, --version 


Displays version information and exits. 


-h, --help 


Displays version information and exits. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
nwconnections(1) 


Name 


nwconnections - Lists active connections for the currently logged-in user. 


Syntax 


nwconnections [--] [-v] [-h] 


Description 


The nwconnections utility lets you view all active connections for the currently logged-in user. Use 
the nwmap utility to detach from listed connections. 


Options 


--, --ignore_rest 


Ignores the rest of the labeled arguments following this flag. 


-v 


Displays the version for the package that supplies the nwconnections utility. 


-h, --help 


Displays the help strings. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


See Also 


nwmap(1) 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
nwcopy(1) 


Name 


nwcopy - Copies files and directories to and from Novell file systems. 


Syntax 


nwcopy [-f] [-c] [-s] -t <target path> -p <source path> [--] [-v] [-h] 


Description 


The nwcopy utility allows you to copy files and directories to and from Novell file systems. Using 
nwcopy preserves Novell file system attributes. 


NOTE: The source and target must be Novell file systems (NetWare traditional file system or Novell 
Storage Services). 


Options 


-f, --force 


Rewrites existing targets. 


-c, --compress 


Retains the Novell compression attribute if it is supported. 


-s, --subdir 


Traverses the subdirectories. 


-t <string>, --target <string> 


Specifies the target path where you want the files copied to. 


-p <string>, --source <string> 


Specifies the source path of the files you want to copy. 


--, --ignore_rest 


Ignores the rest of the labeled arguments following this flag. 


-v, --version 


Displays the version for the package that supplies the nwconnections utility. 


-h, --help 


Displays usage information and exits. 


Examples 


nwcopy -c -p . -t my_vol 


Copies all files in the current working directory to my_vol (retaining Novell compression). 


nwcopy -s -p my_vol -t your_vol 


Recursively copies all files and directories from my_vol to your_vol. 


nwcopy -f -p my_vol -t your_vol 


Copies all files or directories from my_vol to your_vol and rewrites the existing targets. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
nwflag(1) 


Name 


nwflag - Displays or modifies the attributes of files and directories on Novell file systems. 


Syntax 


nwflag (-a|-n) (-w|-e <eDir object>|<+|-> <attr modifier>) [-s] [-d|-f] [--] 
[-v] [-h] <URI1> {URI2} {URI3} 


Description 


The nwflag utility allows you to display and modify the attributes of files or directories. 


Type 
Displays or sets either the attributes or the owner flag information. 


-a, --attributes 


Displays or sets attribute flags. 


-n, --owner 


Displays or sets owner flags. 


Options 


-s 


Traverse subdirectories. 


-d, --directories 


Displays or modifies directories only. 


-f, --files 


Displays or modifies files only. 


--, --ignore_rest 


Ignores the rest of the labeled arguments following this flag. 


-n, --owner 


Sets the file owner. 


-w, --view_owner 


Displays files that a user owns. 


-h, --help 


Displays the help strings. 


Attributes 


For additional information on file system attributes, see the File Systems Management Guide for 
OES at http://www.novell.com/documentation/oes/stor_filesys/data/hnOr5fzo.html. 


In this guide, the “Understanding File System Access Control for NSS and NetWare Traditional File 
Systems” section provides information on flags. See 
http://www.novell.com/documentation/oes/stor_filesys/data/bs3fihl.html. 


o=Read-only 
w=Read-write 
c=Compressed 
h=Hidden 
y=System 
k=Can't Compress 
p=Purge 
a=Archive Needed 
m=Migrated 
d=Delete Inhibit 
r=Rename Inhibit 
s=Shareable 
t=Transactional 
i=Copy Inhibit 
x=Execute Only 
q=Don't Migrate 
e=Immediate Compress 
f=Don't Compress 
b=Don't Suballocate 
AI 
n=Normal 


Examples 


nwflag -a -f -e +o //MYSERVER/SYS/PUBLIC/TEST 


Gives all files in the TEST directory a read-only attribute. 


nwflag -a -s -d -e +d //MYSERVER/SYS/PUBLIC/TEST 


Sets all child directories of the TEST directory to Delete Inhibit. 


nwflag -a -e +p 


Sets the current directory to Purge. 


nwflag -a -s -f -e +a+e //MYSERVER/SYS //MYSERVER/USER 


Sets all files on vol SYS: and USER: to Archive Needed and Immediate Compress. 


nwflag -n -e -s -f adam.cont.org 


Makes user ADAM the owner of the files in the current directory and subdirectories. 


nwflag -n -w -s -f //MYSERVER/USER | grep -i "adam.cont.org" 


Lists all files owned by user ADAM on volume USER. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 
nwlogin(1) 


Name 


nwlogin - Logs a user in to a Novell file server or an eDirectory tree. 


Syntax 

nwlogin [-c <string>] [-t <string>] [-p <string>] [-u <string>] [-s <string>] 
[-r] [-L <string>] [-P <string>] [-2 <string>] [-3 <string>] [-4 <string>] [-5 
<string>] [--clearconn] [--] [-v] [-h] 

Description 


The nwlogin utility allows a user to log in to a Novell file server or eDirectory tree from a terminal. 
When you execute the nwlogin command, you can add variables and strings to run additional 
scripts and modify variables. 


You must specify the username, password, tree, context, and server. 


Options 


-c <string>, --context <string> 


Specifies the context that the user is logging in to. This value is required. 


-t <string>, --tree <string> 


Specifies the tree that the user is logging in to. This value is required. 


-p <string>, --password <string> 


Specifies the user's eDirectory password. This value is required. 


-u <string>, --user <string> 


Specifies the user's eDirectory username. This value is required. 


-s <string>, --server <string> 


Specifies the server that the user is logging in to. This value is required. 


-E, --passenv 


Specifies the password via the NWPassword environment variable. You can set NWPassword 
to be the password that you want login to use (when you pass it using --passenv) instead of 
specifying the password on the command line. 


For example: 


export NWPassword=novell 

nwlogin -r -t mytree -s myserver -u admin -c mycontext --passenv 


-r runscripts 


Runs any scripts associated with the specified username. 


-L <string>, --LoginScript <path to login script file on local workstation> 


Runs the specified login scripts during login. 


-P <string>, --ProfileScript <path to a login script file on local workstation> 


Runs the specified Profile login scripts during login. 


-2 <string>, --variable2 <string> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


-3 <string>, --variable3 <string> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


-4 <string>, --variable4 <string> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


-5 <string>, --variable5 <string> 


Allows an additional parameter to be entered that the login utility passes to the login script. 


There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then 
substitutes these parameters for the %n variables in the login script. 


The variables are replaced in the order specified, by selecting -2, -3, -4, or -5. 


--clearconn 


Clears existing server connections before logging in to the current server. 


--, --ignore_rest

Ignores the rest of the labeled arguments following this flag.

-v, --version


Displays version information and exits. 


-h, --help 


Displays usage information and exits. 


Examples 


nwlogin -s MYSERVER -u MYUSER -c MYCONTEXT -t MYTREE -p MYPASSWORD -2 
MYVARIABLE L P r 


nwlogin -u MYUSER -p MYPASSWORD -t MYTREE -c MYCONTEXT -s MYSERVER 

Authors


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


See Also 


nwlogout(1), nwconnections(1) 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

nwlogout(1)


Name 


nwlogout - Logs the user out of a Novell or eDirectory tree. 


Syntax 

nwlogout {-s <string>|-t <string>|-a} [-f] [--] [-v] [-h]

Description


The nwlogout utility allows a user to log out of a specific Novell file server or eDirectory tree or to 
log out of all trees and servers. 


Options 


Required: 


-s <string>, --server <string> 


Specifies the server the user is logging out of. This value is required if either the tree or closeall 
option is not used. 


-t <string>, --tree <string> 


Specifies the tree that the user will be logged out of. This value is required if either the server or 
closeall option is not used. 


-a, --closeall 


Closes all open connections. This value is required if either the server or tree option is not used. 


Optional: 


-f, --forceall 


Forces all confirmations. 


--, --ignore_rest 


Ignores the rest of the labeled arguments following this flag. 


-v, --version 


Displays the version of the package that nwlogout is a part of. 


-h, --help

Displays the help strings.


Examples 


nwlogout -s MYSERVER 


nwlogout -t MYTREE 

Authors


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


See Also 
nwlogin(1) 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

nwmap(1)


Name 


nwmap - Creates a mapping (mount) from a local file system to a remote file system on a Novell file 
server. 


Syntax 


map -d drive <-s server> -v volume <-f filespec>

or

<local path>:=<remote path>

map <options> <parameters> drive:=<path>


Description 


The nwmap utility creates a mapping (similar to a mount point) to a remote path on a Novell file 
server. 


NOTE: nwmap is a symbolic link to map. You can use the nwmap command to map a remote volume.
If you are already authenticated using the nwlogin command, nwmap does not require you to
re-authenticate. However, if you want to run nwmap on a new machine and you want nwmap itself to
authenticate, you can either pass the username and password as parameters or use the -E switch,
which takes the NWPassword environment variable as the password.


Options 


-d, --drive <drive letter or path>

Specifies the drive letter or path that you are mapping to.

The path can be in the following forms:

//server/volume/path
server/volume:
server/volume:/path
.directory_object_name.fully_distinguished_eDirectory_path (such as a cluster volume; for
example, my_dir.usrs.accnt.mycompany)

-s, --server <string>

Specifies the server that you are mapping to.

-v, --volume <string>

Specifies the volume that you are mapping to.

-f, --filespec

Specifies any remote file system folders that are relative to the volume or folder you have
specified.

-display <on|off>


Determines whether or not the results of this specific Map command are displayed at the 
command terminal. 


-errors <on|off> 

This does not function in Linux. It is included for script compatibility only.

-h, --help

Displays the help strings. 


Parameters

INS or INSERT

This does not function in Linux. It is included for script compatibility only.


DEL or DELETE 


Deletes a drive mapping, making that drive letter available for other mapping assignments. 


R or ROOT 


This does not function in Linux. It is included for script compatibility only. 


C or CHANGE 


This does not function in Linux. It is included for script compatibility only. 


P or PHYSICAL 


This does not function in Linux. It is included for script compatibility only. 


N or NEXT 


Maps the next available drive when used without specifying a drive number or letter. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

nwpurge(1)


Name 


nwpurge - Purges deleted files and directories from a Novell file system.


Syntax 

nwpurge {-l|-a|-r|-f <string> ... } [--] [-v] [-h] <FileSystem objects
to perform operations with> ...

Description 


The nwpurge utility enables you to purge deleted files and directories from a Novell file system.


Options 

-l, --list

Displays the objects to be purged.

-a, --purgeall

Purges all file system objects at the current level.

-r, --subdirectories

Purges subdirectories.

-f <string>, --files <string>

Purges listed files. This option accepts multiple values.


--, --ignore_rest 


Ignores the rest of the labeled arguments following this flag. 

-v, --version

Displays version information and exits.

-h, --help

Displays usage information and exits. 


<FileSystem objects to perform operations with> 


Accepts multiple file system objects. 


NOTE: It is mandatory to use one of the following options with the nwpurge utility: -l, -a, -r, -f.


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 

See Also


nwsalvage(1) 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

nwrights(1)


Name 


nwrights - Displays or modifies a user's trustee assignments or inherited rights filter for volumes, 
directories, or files. 


Syntax 


nwrights {-t|-f <+|->rights list|-r <+|->rights list} {-m <+|->rights list|-w|-e}
[-o <string>] [-s] [--] [-v] [-h] <FileSystem objects to perform operation with> ...


Description 


The nwrights utility allows you to display and give rights to files and directories on a Novell server. 
Rights can be given directly or through inherited rights filters. 


Options 


-w

View the trustees, inheritance filter, or effective rights.

-e

Remove Trustee.

-s

Traverse subdirectories.

-r <+|-><rights>

Allows you to add (+) or delete (-) specified rights to or from the rights list. The rights are:

s=Supervisor
r=Read
w=Write
c=Create
e=Erase
m=Modify
f=File Scan
a=Access Control
n=No Rights
I=All rights except Supervisor

-t

Displays the trustee rights.

-m

Removes the specified trustee rights.

-f

Displays or modifies the inherited rights filter.

-i

Displays or modifies the inherited rights filter.

-o <user or group object name>

Specifies the User or Group object that you want to change the rights for.

-p <network path>

Specifies the network path to the file.

-v

Displays version information and exits.

-h

Displays the help strings.

Examples


nwrights -t -w dir1

Displays the trustees on a directory named dir1.

nwrights -r -w dir1

Displays the effective rights.

nwrights -f -w dir1

Displays inheritance filter.

nwrights -t -e -o "abc.xyz" dir1

Removes the trustee abc.xyz.

nwrights -t -m +r -o "abc.xyz" dir1

Assigns read access to the trustee abc.xyz.


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

nwsalvage(1)


Name 


nwsalvage - Restores deleted files and directories on a Novell file system.


Syntax 

nwsalvage {-l|-a|-f <string> ... } [--] [-v] [-h] <FileSystem objects
to perform operations with> ...

Description 


The nwsalvage utility enables you to salvage deleted files and directories from a Novell file system.
In a hierarchical directory structure, you must use this utility to salvage files or directories at each 
level of the directory structure before proceeding to the next level. 


Options 

-l, --list

Displays the objects to be salvaged.

-a, --salvageall

Salvages all file system objects at the current level.

-f <string>, --files <string>

Salvages listed files. This option accepts multiple values.

--, --ignore_rest

Ignores the rest of the labeled arguments following this flag.

-v, --version

Displays version information and exits.

-h, --help

Displays usage information and exits.


<FileSystem objects to perform operations with> 


Accepts multiple file system objects. 


NOTE: It is mandatory to use one of the following options with the nwsalvage utility: -l, -a, -f.


Examples 


The following examples describe the usage of the nwsalvage command when the user's working
directory is a mapped volume:

nwsalvage -l .

Lists the set of files and directories that can be salvaged in the current directory.

nwsalvage -a .

Salvages all the files and directories in the current directory.

nwsalvage -f file1 file3 dir1 dir3

Salvages only the specified objects.

The following examples describe the usage of the nwsalvage command when the user's working
directory is not a mapped volume:

nwsalvage -l /home/localuser1/VKNSSVOL1

Displays the objects to be salvaged.

nwsalvage -a /home/localuser1/VKNSSVOL1

Salvages all file system objects at the current level.

nwsalvage -f file1 /home/localuser1/VKNSSVOL1/Salvage1/Salvage12/

Salvages only the specified objects.


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


See Also 
nwpurge(1) 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

nwsend(1)


Name 


nwsend - Sends messages to users or groups who are currently connected to a Novell server or sends 
a message to the server console. 


Syntax 


nwsend <flags> -s <target server> -o <fully distinguished user name> -m
<message text>


Description 


The nwsend utility allows you to send messages to users or groups who are currently connected to a 
Novell server, or allows you to send a message to the server console. 


NOTE: When you send a message to a group, you must specify only the groupname and not the 
FQDN of the groupname. 


Options 

-g <message>

Sends messages to groups.


-c <message> 


Sends a message to the server console. 


-s <server name>


Specifies the server. 


-o <string>


Specifies the user's fully distinguished eDirectory user name. 


-m <message> 


Specifies the message sent to a specific person. 


-h, --help 
Displays the help strings. 


Authors 


Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

StartupLogin.conf(4)


Name 


StartupLogin.conf - Novell Client for Linux user configuration file. 


Files 


$HOME/.novell/ncl/StartupLogin.conf


Description 


All the current fields in the Novell Login dialog box (except the password) are stored in this 
configuration file. This file uses the same format as the Login.conf file. 


Usage 


Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#), 
are ignored. 


UserName=<username> 


The user's eDirectory username. This line is required. 


Tree=<tree name> 


The name of the eDirectory tree the user is logging in to. This line is required. 


Context=<context> 


The location of the User object in the eDirectory tree. This line is required. 


Server=<server name> 


The name or IP address of the server the user is logging in to. 


ClearConnections=[true or false]


Clears any existing connections to servers before logging in. The default is false. 


RunScripts=[true or false] 


Runs the user's login script. The default is true. 


DisplayResults=[true or false]

Displays the results of the login script in a window during login. The default is false.

CloseAutomatically=[true or false]


Closes the login script display window after login. The default is true. 


LoginScript=<DEFAULT>/<user defined text>

Specify a login script for the user. The default is <DEFAULT>.

ProfileScript=<DEFAULT>

Specify a profile login script for the user. The default is <DEFAULT>.

Variable2=<user defined text>


%2 variable. When a user logs in, additional parameters can be entered that the LOGIN utility 
passes to the login script. The utility then substitutes these parameters for any %n variables in 
the login script. These variables are replaced in order by the parameters the user entered when 
logging in. 


Variable3=<user defined text> 


%3 variable. When a user logs in, additional parameters can be entered that the LOGIN utility 
passes to the login script. The utility then substitutes these parameters for any %n variables in 
the login script. These variables are replaced in order by the parameters the user entered when 
logging in. 

Variable4=<user defined text> 


%4 variable. When a user logs in, additional parameters can be entered that the LOGIN utility 
passes to the login script. The utility then substitutes these parameters for any %n variables in 
the login script. These variables are replaced in order by the parameters the user entered when 
logging in. 

Variable5=<user defined text> 


%5 variable. When a user logs in, additional parameters can be entered that the LOGIN utility 
passes to the login script. The utility then substitutes these parameters for any %n variables in 
the login script. These variables are replaced in order by the parameters the user entered when 
logging in. 


AllowLoginGUI=[true or false] 


The default is true. If eDirectory authentication fails, display Novell Login dialog during 
session startup (after initial login). 


Examples 


A sample StartupLogin.conf file is given below:

[Startup]
UserName = admin
Tree = MYCOMPANY_TREE
Context = novell
Server =
LastSessionID = 1
RunScripts = yes
DisplayResults = yes
CloseAutomatically = yes
LoginScript = <DEFAULT>
ProfileScript = <DEFAULT>
Variable2 =
Variable3 =
Variable4 =
Variable5 =
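
A check of a StartupLogin.conf file against the rules in the Usage section above (required lines, no stored password, ignored blank and # lines). This is an added example, not Novell code: the function names, the finding labels, the owner-only-write rule and the flagging of non-default scripts are assumptions of the example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not Novell code. Audits a StartupLogin.conf-style file
# ([Section] headers, Key=Value lines, blank and # lines ignored).
# Finding labels and the owner-only-write rule are this example's policy.

audit_startup_login() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE: $conf"; return 2; }

    # The file selects the tree, server and login scripts used at login,
    # so flag it when anyone other than the owner can write to it.
    case $(ls -ldL -- "$conf") in
        ?????w*|????????w*) echo "MODE: writable by group or others" ;;
    esac

    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF endings
        /^[ \t]*$/ || /^[ \t]*#/ { next }         # blank line or comment
        /^[ \t]*\[.*\][ \t]*$/ { next }           # header such as [Startup]
        {
            eq = index($0, "=")
            if (eq == 0) { print "SYNTAX: line " NR " is not Key=Value"; next }
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = val
            # The man page states that the password is not stored in this file.
            if (tolower(key) ~ /pass/)
                print "SECRET: line " NR ": " key " must not be stored here"
            # A non-default script is a local file that runs at every login.
            if ((key == "LoginScript" || key == "ProfileScript") &&
                val != "" && val != "<DEFAULT>")
                print "SCRIPT: line " NR ": " key " = " val
        }
        END {
            n = split("UserName Tree Context", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen) || seen[req[i]] == "")
                    print "REQUIRED: " req[i] " is missing or empty"
        }
    ' "$conf"
}

# Constructed sample with deliberate problems, written to a temporary file.
audit_demo() {
    demo=$(mktemp) || return 1
    cat > "$demo" <<'EOF'
# constructed sample, not a real configuration
[Startup]
UserName = admin
Tree =
Password = example-only
LoginScript = /tmp/login.scr
EOF
    chmod 666 "$demo"
    audit_startup_login "$demo"
    rm -f "$demo"
}
```

To check a real profile, call audit_startup_login "$HOME/.novell/ncl/StartupLogin.conf"; no output means no findings.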


Authors 


Copyright 2007-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

StartupMaps.conf(4)


Name 


StartupMaps.conf - Novell Client for Linux configuration file. 


Files 


$HOME/.novell/ncl/StartupMaps.conf


Description 

Specify drive mappings to run at startup. Integrated Login is not required, but credentials must be 
saved or the login dialog box appears to get the password at desktop startup. 

Usage 


Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#), 
are ignored. 


[/home/<username>/Desktop/<drive_link>] 


Location and name of drive link. 


UserName=<username> 


A valid eDirectory username. 


Tree= <tree name> 


The eDirectory tree. 


Context=<context> 


Append to UserName for a fully distinguished name. 


Mapped=<filesystem_path>

For example: Mapped = \\mycompany\sys:


[/home/<username>/Desktop/next_drive] 


Examples 


A sample StartupMaps.conf file is given below:

[/home/mycompany/Desktop/xyzzy]
UserName = admin.novell
Tree = MYCOMPANY_TREE
Context =
Mapped = \\mycompany\sys:

[/home/mycompany/Desktop/pub]
UserName = admin.novell
Tree = MYCOMPANY_TREE
Context =
Mapped = \\mycompany\SYS:PUBLIC\


Authors 


Copyright 2007-2009, Novell, Inc. All rights reserved. http://www.novell.com 


To report problems with this software or its documentation, visit http://bugzilla.novell.com 

Documentation Updates


This section contains information on documentation content changes made in this guide since the 
initial release of the Novell® Client™ for Linux. The information will help you keep current on 
updates to the documentation. 


The documentation was updated on the following dates: 


* Section C.1, “September, 2009,” on page 89
* Section C.2, “August, 2008,” on page 89


C.1 September, 2009 


* Added integrated login scenarios to Section 3.1, "Setting Up Integrated Login," on page 23.
* Added a section on server side configuration: Section 2.3, "Server Side Configuration for
  Sending Messages from Client to Users and Groups," on page 21.
* Modified the man page for nwpurge: nwpurge(1) (page 76).
* Modified the man page for nwsalvage: nwsalvage(1) (page 80).
* Modified the man page for nwrights: nwrights(1) (page 78).
* Added a note to the man page for nwcopy: nwcopy(1) (page 64).


C.2 August, 2008 


* Updated the title page in the PDF version of the guide.